The Equifax breach was already illegal - I assume you mean you think that websites shouldn't keep user information to prevent future data breaches.

This is a bad solution to that problem. So many people's data was stolen that preventing future data from being stolen isn't the most important thing we should be doing. Last I heard it was 150 million people - that's enough that it no longer really matters to the average person if their data is leaked in the future because there's such a high change it already has.

The real solution is to change our systems so that data leaks aren't a big deal. If people didn't ask for a 9 digit number to identify me, as if that's a reasonable thing to keep secret, then it wouldn't matter if everyone in the world knew it. That's the problem with data breaches like this. That's what we should be fixing in response to it.